Hacker News: arestor

New comment by arestor in "Cloudflare Reverse Proxies Are Dumping Uninitialized Memory"

arestor — Fri, 24 Feb 2017 00:54:12 +0000

It's still UB. The array could potentially be at the end of the address space...

New comment by arestor in "Cloudflare Reverse Proxies Are Dumping Uninitialized Memory"

arestor — Fri, 24 Feb 2017 00:23:32 +0000

See https://news.ycombinator.com/item?id=13719437

New comment by arestor in "Cloudflare Reverse Proxies Are Dumping Uninitialized Memory"

arestor — Fri, 24 Feb 2017 00:22:45 +0000

Some features had a bug which lead to uninitialized memory (AKA previous memory contents) in the output of a malformed HTML page was requested.

As one such server handles many sites, everything that the server handled before that request may be compromised. This includes all HTTP-GET/POST data (credentials, direct messages to other users, ...), Headers (API tokens, Login-Cookies) and contents.

So, you have to assume that everything you did on a CF "protected" website in the last months (especially between 2017-02-13 and 2017-02-17) is potentially compromised.

New comment by arestor in "Cloudflare Reverse Proxies Are Dumping Uninitialized Memory"

arestor — Fri, 24 Feb 2017 00:16:11 +0000

It's C. If you have an array, you may only compare to one element behind the last. Everything else is undefined behavior. So a compiler may just "optimize" your >= to ==.